Antivirus Software
  1. Home
  2. Computing & Technology
  3. Antivirus Software
See More About:
Webber Trojan Targets Wells Fargo, Citibank Customers
 Related Resources
• Virus Encyclopedia
• Glossary of terms
 
 Elsewhere on the Web
• F-Secure Description
• On-line Virus Checker
 

A Trojan disguising itself as correspondence from reputable banking entities Wells Fargo, Citibank, and E-Loan has been plaguing users since its discovery on July 16th, 2003. The Trojan, dubbed Webber by antivirus vendor F-Secure and TrojanProxy.Win32.Webber or W32/Heloc-mm by some vendors, compromises infected systems and downloads other infected executables.

The first of these miscreant emails targeted Citibank customers, arriving in inboxes with the subject line "Re: Your credit application" and an attached file named "web.da.us.citi.heloc.pif". The email body reads:

Dear sir,

Thank you for your online application for a Citibank Home Equity Loan. In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs.Consequently, we regret to say that we cannot approve you for Citibank Home Equity Loan at this time.

*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing next few days.

A second variant was discovered the following day, arriving in an email bearing the subject line "Re: Your E-Loan Refinance Application" and an attachment named "E-Loan-Appraiser-Results.pif". That email body reads:

Dear sir,

Thank you for your recent online Refinance Application with E-Loan Inc. Apparently you have moved from your current home address a couple of months ago, so we coulnd't verify your identity with Credit Bureaus and Chexsystems. We are sorry for any inconvenience.

Attached are scanned copies of your Home Value, Grant Deeds and your current Credit Profile from 3 major Credit Bureaus. Take a close look at it, as you will receive hard copies by usps mail in few days.

On July 22, a third variation of the themed email was discovered, this time targeting Wells Fargo bank. The email subject line reads "Re: Wells Fargo Bank New Business Account Application - ID# 4489". The email carries an attachment named "" and the body of the email reads:

Dear sir,

Thank you for your online application for a Business Account with Wells Fargo. We appreciate your interest in banking with us.

In order to open a Business Account, we must receive specific credit information that is verifiable. Because Wells Fargo has no locations in your state, we are unable to confirm the credit information in your application. Consequently, we regret to say that we cannot open an account for your business at this time.

Attached are your Wells Fargo Application and your Social Security File.

Sincerely,

Sherli Chin
Business Resource Center Services
Wells Fargo Bank

Next page > What Webber Does > Page 1, 2

Subscribe to the Newsletter
Name
 Email

Explore Antivirus Software
About.com Special Features
Family Tech Center

Stay connected and entertained with reviews on tips on the latest HDTVs, cellphones and more. More >

Connect Your Home Computers

Easy ways to connect two computers for networking purposes. More >

Antivirus Software
  1. Home
  2. Computing & Technology
  3. Antivirus Software

©2009 About.com, a part of The New York Times Company.

All rights reserved.